How to Build an Alexa Skill to Report Critical Azure Sentinel Incidents Generated Overnight

A colleague of mine, Sonia Cuff, put together an interesting blog post recently that talks about how to integrate Azure Monitor with LIFX lighting devices. See: How to display Azure Monitor alerts with smart lights and no code. That article really got my creative juices flowing. I've since ordered one of the LIFX light bulbs …

Hear about Modernizing the SOC for Efficiency Using Azure Sentinel at the Azure Summit in September

I'm happy to report I'll be bringing the Azure Sentinel goodness to one of the largest cloud events in September. How big is it? 50,000 attendees, 120 speakers, and 110 sessions. That's massive. And, I feel hugely blessed to be bringing the Azure Sentinel message to that audience. But, with that number of sessions on …

Not to Miss: Azure Sentinel Costs and Costs Management Webinar

Talking with customers regularly, I spend the first few minutes showing them the goodness and value of a cloud-based, hybrid and multi-cloud SIEM. Azure Sentinel is a SIEM+SOAR service that is growing quickly and customers are thoroughly interested. But, after those first few minutes of discussion and demo, the conversation always turns to cost. …

How to Deploy the Azure Global IP Services List to an Azure Sentinel Watchlist

On Wednesday of this week, there were a couple of announcements around enhancements to the Watchlist capability for Azure Sentinel. If you missed those, please read What's New: Azure Sentinel Watchlist Support for ARM Templates! - Microsoft Tech Community and What's New: Azure Sentinel Update Watchlist UI Enhancements - Microsoft Tech Community. On Wednesday evening, we …

Access Required to Adjust Azure Sentinel Permissions to Run Playbooks

This is an area that's not highlighted anywhere in particular - or, at least not highlighted well enough - but the question does come up quite a bit. Q: What role or access is required to enable or modify the ability for Azure Sentinel to run Playbooks? This question comes up after an Azure Sentinel …

How to Import and Export Azure Sentinel Analytics Rules Using the Console

Hopefully, you already know about the methods using PowerShell to import and export Azure Sentinel Analytics Rules. If not, see How to Import One or Multiple Analytics Rules into Azure Sentinel – Azure Cloud & AI Domain Blog (azurecloudai.blog) and Official Azure Sentinel PowerShell Module Released – Azure Cloud & AI Domain Blog (azurecloudai.blog). But, …

How to Limit What Azure Sentinel Collects from Windows Systems

The holy grail for data collection from Windows systems is here. Today marks the beginning of the capability that enables Azure Sentinel customers to manage and filter the amount of information collected and sent to the Log Analytics workspace by the types of Event IDs. This has been a big ask of Azure …

Replay Available: Cicadas and Microsoft Defender for Identity on the Microsoft Security Insights Podcast

Edward was out again this week so I filled in, helping as a guest host once again. The discussion was wonderful and I learned a heap about Microsoft Defender for Identity, including some things I've been asked about by customers recently. Now, I can go back to those customers and sound really cool and intelligent. I …

How to Configure Users for Teams Integration and Privileged Access Separation for Azure Sentinel

In Azure Sentinel, it's easy to quickly create a Teams channel for a specific Incident to use as a centralized "war room" for critical events. You choose the Action option for the Incident, choose Create Team and supply the Teams channel information along with who should have proper access through AAD Group inheritance. Once the …